Nasty Tricky Email Virus Text
Posted 02 March 2004 - 09:00 PM
It's obvious to me, because I am "domain.com", but this one is going to fool some people.
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Tuesday, March 02, 2004 7:59 PM
Subject: Warning about your e-mail account.
Dear user, the management of Domain.com mailing system wants to let you know that,
Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.
For details see the attached file.
For security reasons attached file is password protected. The password is "86028".
The Domain.com team http://www.domain.com
Posted 02 March 2004 - 09:21 PM
We are frantically trying to figure out how to handle this...
Here's a message I just got - MyISP.com is a stand-in for our domain.
Subject: Warning about your e-mail account.
Dear user of MyISP.com gateway e-mail server,
Your e-mail account has been temporary disabled because of unauthorized access.
Advanced details can be found in attached file.
Attached file protected with the password for security reasons. Password is 41724.
The MyISP.com team http://www.MyISP.com
The nasty bit is that our virus catcher will never see this due to the randomized password encryption - each mail is unique.
Further, it appears to come from us.
We are trying to see if the Bayesian filter can be trained to see it as spam at least... but the polymorphism is so extreme that the utility of that is dubious.
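An added example, not part of the original posts: since each mail's encrypted attachment is unique, a gateway rule can key on the structure the two samples above share (an encrypted ZIP member, the password stated in the body, a sender claiming the recipient's own domain) rather than on attachment content. The function names, the `myisp.example` domain and the sample mail are constructed for illustration, and the sample only sets the ZIP "encrypted" flag without real encryption.

```python
import io, re, zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Matches wording like: The password is "86028".  /  Password is 41724.
PASSWORD_HINT = re.compile(r'password\s+is\s+"?\w{3,}', re.I)

def has_encrypted_zip_entry(data: bytes) -> bool:
    """True if any archive member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def signals(raw: bytes, our_domain: str) -> list:
    """Return which of the three traits described in this thread the mail shows."""
    msg, body, encrypted = message_from_bytes(raw), "", False
    for part in msg.walk():
        data = part.get_payload(decode=True) or b""  # None for multipart containers
        if part.get_filename():
            encrypted = encrypted or has_encrypted_zip_entry(data)
        elif part.get_content_type() == "text/plain":
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    checks = {"encrypted-attachment": encrypted,
              "password-in-body": bool(PASSWORD_HINT.search(body)),
              "from-own-domain": sender == our_domain.lower()}
    return [name for name, hit in checks.items() if hit]

def should_quarantine(found: list) -> bool:
    # Ciphertext differs per mail, but "encrypted + password alongside" does not.
    return {"encrypted-attachment", "password-in-body"} <= set(found)

def constructed_sample(encrypt: bool) -> bytes:
    """Constructed test mail modelled on the messages quoted in this thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.txt", "harmless placeholder")
    z = bytearray(buf.getvalue())
    if encrypt:
        z[z.find(b"PK\x01\x02") + 8] |= 0x01  # flag field in the central directory
    m = EmailMessage()
    m["From"], m["Subject"] = "management@myisp.example", "Warning about your e-mail account."
    m.set_content('Attached file is password protected. The password is "86028".')
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="details.zip")
    return m.as_bytes()
```

The password regex is a heuristic and will also match legitimate mail that sends an archive password in the same message, so the result suits quarantine for review rather than silent deletion.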
Posted 03 March 2004 - 01:42 AM
Posted 03 March 2004 - 02:48 AM
However, I can't help but laugh. It's funny to me because these things paralyze our "modern" society. Because people are essentially naive or gullible about this stuff, what will ultimately happen is that we all devolve into plain text email with no attachments and html pages with only plain text and graphics.
I guess the point is, because of the virus writers and the spammers, we're all going to be using the web like it was 1994 again.
I think it goes to show you just how fragile all the "internet" stuff is. The underlying hardware and low level protocols are obviously robust, but it's the high level end user stuff that's so frail.
Just amusing to me, that's all.
Posted 03 March 2004 - 03:29 AM
The bulk of this stuff is not written by geniuses, it is mostly the work of script kiddies and the like. Track and trace, together with better security will ensure that when this happens the originators can be traced, and brought to justice, REAL justice.
Posted 03 March 2004 - 03:50 AM
NO What should happen is that the software companies (by and large Microsoft) MUST build in better track and trace and security features.
Ouch, that's a scary statement. I, for one, would rather have annoying little social engineering viruses roaming the internet than one goliath of a business being able to track to the level you've described.
Computer forensics don't need any help. There's already enough there to track down pretty much everything given enough time and resources. Much better the situation as it is today than if one institution holds all the information.
This is why the US's Patriot Act is so disturbing.
Posted 03 March 2004 - 04:11 AM
I shudder to think about the amount of time I spend having to update and maintain my firewall/anti-virus defences against these scumbags.
Maybe one day governments will recognise how serious this is and start treating spammers & virus-writers like terrorists. Until then it'll never go away.
I can't help noticing that when a large scale attack takes place, like myDoom, the huge quantity of virus-carrying emails is matched by an equally huge number of automated emails from corporate systems returning spoofed emails found with the virus. It would make a lot of sense if corporate firewalls automatically stopped sending virus notification emails when the volume of arriving viruses reaches a certain level. That way, at least the increased volume of traffic at the time of an attack could be significantly reduced.
Posted 03 March 2004 - 01:04 PM
For what? For money...
It really is amazing the lengths to go to. And for what? Just to be total assholes? I just don't get it.
Depending on the payload of this little gem (which I honestly haven't followed up on), could be it's simply the latest in the string of Trojans that attempt to set up unsuspecting PCs out there to relay spam. The spammers make big bucks on the they send, and complying with CAN-SPAM and the EU laws is going to cost money (and limit the number/type of e-mails they can send). So, the logical next step is to recruit an army of zombie relays.
End users with always-on broadband connections, unprotected by any sort of firewall, are a prime target. Get enough of them in harness and you've got a virtually unlimited width pipe to pump your out on to the 'net and -- bonus benefit -- you're virtually untraceable.
Add in the ability to launch DOS attacks on anybody you don't like using those same zombies, and the motivation is clear.
Posted 03 March 2004 - 01:31 PM
I am surprised that Yahoo (hosting) hasn't caught these and blocked them.
Posted 03 March 2004 - 06:54 PM
People are getting so used to the gobbledy-gook that is in most spam these days that something like this email, that is worded with such official authority, really fools them.